package com.smartodo.web.servlets;

import java.io.IOException;

import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.owasp.esapi.ESAPI;
import org.owasp.esapi.User;
import org.owasp.esapi.ValidationErrorList;
import org.owasp.esapi.errors.AuthenticationException;
import org.owasp.esapi.errors.EncryptionException;
import org.owasp.esapi.errors.ValidationException;

import com.smartodo.utils.DbUtils;
import com.smartodo.utils.WebUtils;
import com.smartodo.vo.LoginVO;

/**
 * Servlet implementation class for Servlet: Login
 *
 */
 public class Login extends javax.servlet.http.HttpServlet implements javax.servlet.Servlet {
   static final long serialVersionUID = 1L;
   
    /* (non-Java-doc)
	 * @see javax.servlet.http.HttpServlet#HttpServlet()
	 */
	public Login() {
		super();
	}   	
	
	/* (non-Java-doc)
	 * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
	 */
	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		doPost(request, response);
	}  	
	
	/* (non-Java-doc)
	 * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
	 */
	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
			
		ValidationErrorList errorList = WebUtils.getErrors();
		LoginVO vo = new LoginVO();
		
		String loginId = ESAPI.validator().getValidInput("Login Id", request.getParameter("login"), "LoginId", 255, false, errorList);
		String password = ESAPI.validator().getValidInput("Password", request.getParameter("pwd"), "AccountName", 255, false, errorList);
		
		//if no errors then authenticate login details with database
		vo.setLoginId(loginId);
		
		DbUtils.getUserDetails(vo);
		
		try {
			password = ESAPI.authenticator().hashPassword(loginId, password);
			System.out.println(password);
		} catch (EncryptionException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}
		
		if(!password.equals(vo.getPassword())) {
			//add error to display in the JSP
			errorList.addError("Invalid login", new ValidationException("The username or password you entered is incorrect.","Login Error"));
		}
		
		//add errorList to WebUtils
		WebUtils.setErrors(errorList);
		
		//fail if any validation errors
		if (!errorList.isEmpty()) {
			RequestDispatcher dispatcher = request.getRequestDispatcher("WEB-INF/jsp/home.jsp");
			dispatcher.forward(request, response);
			return;
		}
		
		HttpSession session = request.getSession(true);
		session.setAttribute("loginId", vo.getLoginId());
//		
//		Cookie cookie = new Cookie("JSessionId",session.getId());
//		response.addCookie(cookie);
		
		RequestDispatcher dispatcher = request.getRequestDispatcher("Main.do");
		dispatcher.forward(request, response);
		return;

	}   	  	    
}